Total
308723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53584 | 2025-08-29 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2. | |||||
| CVE-2025-9586 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. | |||||
| CVE-2025-53508 | 2025-08-29 | N/A | 7.2 HIGH | ||
| Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status]. | |||||
| CVE-2025-53243 | 2025-08-29 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through 4.5.3. | |||||
| CVE-2025-31972 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components. | |||||
| CVE-2025-9582 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-54724 | 2025-08-29 | N/A | 7.1 HIGH | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Golo allows Reflected XSS. This issue affects Golo: from n/a through 1.7.1. | |||||
| CVE-2025-54738 | 2025-08-29 | N/A | 9.8 CRITICAL | ||
| Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobmonster allows Authentication Abuse. This issue affects Jobmonster: from n/a through 4.7.9. | |||||
| CVE-2025-9585 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9591 | 2025-08-29 | 3.3 LOW | 2.4 LOW | ||
| A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-54995 | 2025-08-29 | N/A | 6.5 MEDIUM | ||
| Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. | |||||
| CVE-2025-53337 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Ashan Perera LifePress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LifePress: from n/a through 2.1.3. | |||||
| CVE-2025-9649 | 2025-08-29 | 1.7 LOW | 3.3 LOW | ||
| A security vulnerability has been detected in appneta tcpreplay 4.5.1. Impacted is the function calc_sleep_time of the file send_packets.c. Such manipulation leads to divide by zero. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. Upgrading to version 4.5.3-beta3 is recommended to address this issue. It is advisable to upgrade the affected component. The vendor confirms in a GitHub issue reply: "Was able to reproduce in 6fcbf03 but NOT 4.5.3-beta3." | |||||
| CVE-2025-48979 | 2025-08-29 | N/A | 3.4 LOW | ||
| An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access. | |||||
| CVE-2025-9576 | 2025-08-29 | 1.0 LOW | 2.5 LOW | ||
| A vulnerability was identified in seeedstudio ReSpeaker LinkIt7688. Impacted is an unknown function of the file /etc/shadow of the component Administrative Interface. The manipulation leads to use of default credentials. An attack has to be approached locally. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-48364 | 2025-08-29 | N/A | 4.9 MEDIUM | ||
| Server-Side Request Forgery (SSRF) vulnerability in vEnCa-X rajce allows Server Side Request Forgery. This issue affects rajce: from n/a through 0.4.2. | |||||
| CVE-2025-9581 | 2025-08-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-58335 | 2025-08-29 | N/A | 5.5 MEDIUM | ||
| In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function | |||||
| CVE-2025-9619 | 2025-08-29 | 5.0 MEDIUM | 5.3 MEDIUM | ||
| A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-31979 | 2025-08-29 | N/A | 5.4 MEDIUM | ||
| A File Upload Validation Bypass vulnerability has been identified in the HCL BigFix SM, where the application fails to properly enforce file type restrictions during the upload process. An attacker may exploit this flaw to upload malicious or unauthorized files, such as scripts, executables, or web shells, by bypassing client-side or server-side validation mechanisms. | |||||